Salami slicing attacks

Salami slicing Attacks

[email protected]

$whoami

What's salami slicing attacks?

Salami slicing refers to a series of many small actions, often performed by clandestine means, that as an accumulated whole produces a much larger action or result that would be difficult or unlawful to perform all at once. The term is typically used pejoratively. Although salami slicing is often used to carry out illegal activities, it is only a strategy for gaining an advantage over time by accumulating it in small increments, so it can be used in perfectly legal ways as well.

In information security, a salami attack is a series of minor attacks that together results in a larger attack. Computers are ideally suited to automating this type of attack.

Salami slicingHow to cheat water

meter

Salami slicingHow to cheat water meter

Rounding attacks

Rounding attacksEx1: Internet banking

Rounding attacks

Round(0.005, 2)=0.01 USD = 1 cent100 * (105.60 VND -> 0.01 USD) => 10,560.00 VND = 1.00 USD

Rounding attacksEx2: Petrol station


22,200.00 VNĐ --> 1 litre200 VNĐ --> 0.009009009...

Round(0.00909, 2)=0.01 litre100 * (200 VND -> 0.01 lire) => 20,000.00 VND = 1 litre


22,200.00 VNĐ --> 1 litre50,000.00 VNĐ --> 2.2522522522...

Round(2.252252, 2)=2.25 litre


In Viet Nam, Petrol station uses round down/ truncate function. That means you guys always lose :)

Deposit accountEx 3

You have 100$, you deposit 100$ --> 1.2$/monthYou deposit 42 cents --> 0.00504$/monthRound(0.00504,2) = 0.01$ = 1 cent/month

You should share 100$ to 238 accounts (42 cents per account). After one month, You will get 238 x 0.01$ = 2.38$ :)

References

1.Salami attack at Asia Commercial Bank

http://www.vnsecurity.net/2008/05/salami-attack-at-asia-commercial-bank/

2. Adrian Furtuna - Practical exploitation of rounding vulnerabilities in internet banking applications

http://2013.zeronights.org/materials

3. Is Your Online Bank Vulnerable To Currency Rounding Attacks

http://blog.acrossecurity.com/2012/01/is-your-online-bank-vulnerable-to.html

4. http://en.wikipedia.org/wiki/Rounding

http://www.vnsecurity.net/2008/05/salami-attack-at-asia-commercial-bank/

http://2013.zeronights.org/materials

http://blog.acrossecurity.com/2012/01/is-your-online-bank-vulnerable-to.html

Questions?

Salami slicing attacks

Technology

attacks ex2

attacks ex1

whats salami slicing

salami attack

series of minor attacks

petrol station22

larger attack

type of attack

Transcript of Salami slicing attacks

Oshe Salami

Dependence-Cache Slicing: A Slicing Method Using Lightweight Dynamic Information

Avoid salami slicing and duplicate publication

The EIA in Selected Member States - Justice&Environment comprehensive... · The EIA in Selected Member States ... Use of the “Salami slicing” procedure ... attack in court the

Last time - University of Waterloo · Last time Malicious code ... Salami attacks A salami attack is an attack that is made up of many ... – If you type in your password, you've

sscbs.bestbookbuddies.comsscbs.bestbookbuddies.com/opac-tmpl/bootstrap/PDF/B.Sc.Semester… · Describe Salami attack and explain why salami attacks persist? Define Risk and Risk

The Salami Merchant - w8wky.orgw8wky.org/wp-content/uploads/salami-merchant/March_2013_Salami... · The Salami Merchant ... Debbie Conklin KD8DEB ... If you hear no one after 7:35

Threats, Attacks, and Vulnerabilities · Threats, Attacks, and Vulnerabilities ... Salami Attack from Office Space. ... A computer virus is a type of malware that, when

Efficiencies Plan 2020-23 · cutting targets, top-down salami slicing of departmental budgets, or cuts to frontline services as we have seen previously in Jersey. This programme is

Younes SALAMI - upcommons.upc.edu

prezi - TUM · own contribution to publication exaggerating Salami Slicing und duplicate publications unpublished publications cited as citing man arXiv "in press of authorships Order

Introduction - KDIGO...2017/02/03 · No to “salami slicing” • Example: A drug proposed to be used to treat breast cancer patients refractory to first-line treatment – No,

ROYAL LONDON POLICY PAPER 10 The Curse of Long Term Cash€¦ · Source: ‘Royal London Policy Paper 8: Time to stop the salami slicing of pension tax relief’ Tables 1 and 2 show

Program Slicing Program Testing and Analysis€¦ · 4. Dynamic Slicing Mostly based on these papers: Program Slicing, Weiser., IEEE TSE, 1984 Thin Slicing, Sridharan et al., PLDI

Salami-slicing and plagiarism: How should we respond? · Salami-licing and plagiaim: Ho hold e epond? 7 1 3 Table 2 Editors’ratingsofappropriateconsequences.Seriousconsequencesinclude:Blacklistforfuturesubmissions

Key changes to the Scottish EIA do they mean for planning? · requirements –should prevent salami slicing •“Main characteristics of the operational phase” –focus on natural

Sandwell Registration Services Day – Session 2.pdf · •‘salami’ slicing no longer an option. The Sector •Rise of the private sector •The ‘predatory crematorium ...

Salami Gear Pumps

Welcome to GEN-8001: Take control of your PhD journey20192608091931/GEN-8001_Sp… · 12 Salami slicing Questionable research practices Categorized as less severe, but still considered

Plagiarism, self-plagiarism, salami slicing, and research ... · Publish & perish Plagiarism, self-plagiarism, salami slicing, and research misconduct Neal Stewart [email protected]